Skip to content

Commit

Permalink
src: fix ValidateDSAParameters when fips is enabled
Browse files Browse the repository at this point in the history
Currently, the following compilation errors are generated when
configuring --openssl-is-fips:

../src/node_crypto.cc: In function ‘bool
node::crypto::ValidateDSAParameters(EVP_PKEY*)’:
../src/node_crypto.cc:4886:55: error: ‘pkey’ was not declared in this
scope
   if (FIPS_mode() && EVP_PKEY_DSA == EVP_PKEY_base_id(pkey.get())) {
                                                       ^~~~
../src/node_crypto.cc:4886:55: note: suggested alternative: ‘key’
   if (FIPS_mode() && EVP_PKEY_DSA == EVP_PKEY_base_id(pkey.get())) {
                                                       ^~~~
                                                       key
../src/node_crypto.cc:4898:35: error: expected ‘;’ before ‘}’ token
            (L == 3072 && N == 256)
                                   ^
                                   ;
   }

This commit fixes the errors, and after this compilation is successful.

PR-URL: #29407
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: James M Snell <[email protected]>
  • Loading branch information
danbev authored and targos committed Sep 20, 2019
1 parent d6ba106 commit 010d29d
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -4880,8 +4880,8 @@ static AllocatedBuffer Node_SignFinal(Environment* env,
static inline bool ValidateDSAParameters(EVP_PKEY* key) {
#ifdef NODE_FIPS_MODE
/* Validate DSA2 parameters from FIPS 186-4 */
if (FIPS_mode() && EVP_PKEY_DSA == EVP_PKEY_base_id(pkey.get())) {
DSA* dsa = EVP_PKEY_get0_DSA(pkey.get());
if (FIPS_mode() && EVP_PKEY_DSA == EVP_PKEY_base_id(key)) {
DSA* dsa = EVP_PKEY_get0_DSA(key);
const BIGNUM* p;
DSA_get0_pqg(dsa, &p, nullptr, nullptr);
size_t L = BN_num_bits(p);
Expand All @@ -4892,7 +4892,7 @@ static inline bool ValidateDSAParameters(EVP_PKEY* key) {
return (L == 1024 && N == 160) ||
(L == 2048 && N == 224) ||
(L == 2048 && N == 256) ||
(L == 3072 && N == 256)
(L == 3072 && N == 256);
}
#endif // NODE_FIPS_MODE

Expand Down

0 comments on commit 010d29d

Please sign in to comment.